Linoleum

Saturday, May 13. 2006

Ten years ago, shortly after I started my first job as a network programmer at an Australian university, I received a call from a person working in one faculty who was having some network difficulties. All of their computers were connected together by 50-ohm coaxial cable ethernet, and two of the computers on this network sent a considerable amount of data to each other.

This data, naturally, was echoed along the entire network cable and was the primary cause of delays and packet loss to other users of the network. The caller wanted to know of a way to solve this problem. My manager suggested the use of a bridge; the two noisy computers could be placed behind this device and their traffic to each other would be confined to their segment. This solution was particularly attractive as it would not require any other changes to the network or the network numbering; it could be inserted and would work immediately.

For a number of years now, the Linux kernel has had the ability to turn any host with more than one network interface into a bridge. This article explains how it works.

What is bridging?

Bridging is the process of transparently connecting two network segments together, so that packets can pass between the two as if they were a single logical network. Bridging is performed on the data link layer; hence it is independent of the network protocol being used - it doesn't matter if you use IP, Appletalk, Netware or any other protocol, as the bridge operates upon the raw ethernet packets.

Typically, in a non-bridged situation, a computer with two network cards would be connected to a separate network on each; while the computer itself may or may not route packets between the two, in the IP realm, each network interface would have a different address and different network number. When bridging is used, however, each network segment is effectively part of the same logical network, the two network cards are logically merged into a single bridge device and devices connected to both network segments are assigned addresses from the same network address range.

Only those packets that need to cross from one segment of the network to another are passed from one physical interface to the other; a bridge will learn the MAC addresses of the equipment attached to each of its segments, so that it can determine which packets need to be retransmitted. This makes bridges ideal for reducing traffic on heavy networks, by segmenting off any devices that talk to each other frequently.

These days almost all newly deployed networks would use a dedicated bridging device called a switch. This device is effectively a network hub with a bridge segment on every port. All segments are considered to be on the same network, but traffic between two segments is not broadcast to every segment; rather, it is confined only to those two segments themselves.
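The learning and forwarding behaviour described above, as an added example (this is illustration code written for this page, not code from the article or from the Linux bridge implementation): a small learning-bridge simulation. It records which port each source MAC was last seen on and only relays a frame to another port when the destination is known to live there; unknown, broadcast and multicast destinations are flooded, and a frame whose destination is on the port it arrived on is dropped, which is exactly how the two noisy computers' traffic stays confined to their own segment. The port names, MAC addresses and frame sequence are all constructed for the demo; the same logic covers the two-port bridge of the opening story and the N-port switch just mentioned.

```python
"""Learning-bridge simulation (added example, not the article's code)."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class LearningBridge:
    ports: list                                   # e.g. ["eth0", "eth1"]
    table: dict = field(default_factory=dict)     # MAC -> port last seen on

    def receive(self, in_port: str, frame: Frame) -> list:
        """Return the list of ports the frame is retransmitted on."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learning: remember which segment the sender is on.  A station that
        # moves to another segment simply overwrites its entry.
        if not is_group_address(frame.src):
            self.table[frame.src] = in_port
        others = [p for p in self.ports if p != in_port]
        # Broadcast/multicast must reach every other segment.
        if is_group_address(frame.dst):
            return others
        out = self.table.get(frame.dst)
        if out is None:
            return others          # unknown unicast: flood, then learn from the reply
        if out == in_port:
            return []              # both stations on one segment: bridge stays silent
        return [out]               # known destination elsewhere: forward to that port


def demo() -> list:
    """Replay the article's scenario: noisy hosts A and B share eth0, C is on eth1.

    Returns the list of (description, ports_transmitted_on) decisions.
    (Hosts and MACs are constructed sample values.)
    """
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    br = LearningBridge(ports=["eth0", "eth1"])
    steps = [
        ("A->B, nothing learned yet", "eth0", Frame(a, b)),
        ("B->A, reply", "eth0", Frame(b, a)),
        ("A->B again", "eth0", Frame(a, b)),
        ("C->A from the other segment", "eth1", Frame(c, a)),
        ("A broadcasts", "eth0", Frame(a, BROADCAST)),
    ]
    return [(desc, br.receive(port, fr)) for desc, port, fr in steps]


if __name__ == "__main__":
    for desc, out in demo():
        print(f"{desc:32s} -> {out or 'dropped'}")
```

The first A-to-B frame is flooded because the bridge has not yet seen B; once B replies, every further exchange between A and B is dropped at the bridge, so the other segment never hears it. That flooding-on-unknown behaviour is also why a bridge's MAC table deserves monitoring: entries are only as trustworthy as the last frame that claimed each address.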

Why use bridging?

There's probably not much point using a Linux box as a dedicated bridge or switch; switches are now available very cheaply and are much quieter and considerably more power efficient than your average PC.

Additionally, any interface that is part of a bridge must be in promiscuous mode so that it will receive packets that aren't specifically destined for it; this will increase the load on the machine. For this reason, it is better to use a dedicated machine for bridging rather than one that has other important functions.
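Because every bridge member sits in promiscuous mode, it is worth being able to see which interfaces on a host actually are. As an added example (written for this page, not taken from the article), the following decodes the Linux interface flag word that the kernel exposes in `/sys/class/net/<iface>/flags`; the bit values are the kernel's own `IFF_*` constants from `include/uapi/linux/if.h`, with `IFF_PROMISC` being `0x100`. `scan_tree()` works on an in-memory mapping of interface name to flag word so it can be exercised on constructed values; `scan_sysfs()` builds that mapping from the real sysfs tree and is the function you would run on a live host.

```python
"""Decode Linux IFF_* flags and list promiscuous interfaces (added example)."""
from pathlib import Path

# Flag bits as defined in the kernel's include/uapi/linux/if.h.
IFF_FLAGS = {
    "UP": 0x1, "BROADCAST": 0x2, "DEBUG": 0x4, "LOOPBACK": 0x8,
    "POINTOPOINT": 0x10, "NOTRAILERS": 0x20, "RUNNING": 0x40, "NOARP": 0x80,
    "PROMISC": 0x100, "ALLMULTI": 0x200, "MASTER": 0x400, "SLAVE": 0x800,
    "MULTICAST": 0x1000,
}


def decode_flags(word: str) -> list:
    """Turn a flag word such as '0x1103\\n' (sysfs format) into flag names."""
    value = int(word.strip(), 0)   # base 0 accepts the 0x prefix sysfs writes
    return [name for name, bit in IFF_FLAGS.items() if value & bit]


def is_promiscuous(word: str) -> bool:
    return "PROMISC" in decode_flags(word)


def scan_tree(entries: dict) -> dict:
    """Given {iface: flag_word}, return {iface: flag names} for promiscuous ones."""
    return {name: decode_flags(word)
            for name, word in sorted(entries.items())
            if is_promiscuous(word)}


def scan_sysfs(root: str = "/sys/class/net") -> dict:
    """Read every interface's flags file under root and report promiscuous ones."""
    entries = {}
    for dev in Path(root).iterdir():
        flags_file = dev / "flags"
        try:
            entries[dev.name] = flags_file.read_text()
        except OSError:
            continue   # interface vanished, or no flags file (e.g. bonding_masters)
    return scan_tree(entries)


if __name__ == "__main__":
    for iface, flags in scan_sysfs().items():
        print(f"{iface}: {' '.join(flags)}")
```

Interfaces enslaved to a bridge will show `PROMISC` here as the article says, so the useful check on a monitored host is whether the set of promiscuous interfaces matches the set you expect (bridge members, a deliberate capture interface) and nothing else; `ip link` reports the same flag in its bracketed list.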

That said, there are many things that the Linux bridging code can do that aren't possible with commodity switches - bridging one of your ethernet networks with a ppp interface, for example, or bridging together a number of virtual private networks.

Just recently, I had a need to be able to snoop the traffic between an ADSL router and a small embedded VOIP device. The router's functionality was quite limited, so it wasn't able to do this itself; instead, I grabbed a PC with Linux on it, put an extra ethernet card in it, and bridged the network between the router and the VOIP device. This let traffic flow unimpeded, and I was able to see what was passing by running tcpdump on the Linux box.

Are there ways to bridge bridges together? Primarily, because there would be bridges used for certain networks without any attached interfaces. Sometimes those bridges need to communicate with other separate bridges.